| Commit message (Collapse) | Author | Age |
|
This fixes #1127.
This allows a user to provide their own zshrc/bashrc inside the jail.
This is very useful when using firejail to develop and prevent bad pip
packages from accessing your system.
|
disable-common.inc: add more ro editor/browser paths
|
Similarly to the existing ~/.nanorc entry.
Taken from nano.profile.
|
Move some paths from mutt.profile and neomutt.profile.
Added on commit 6b9bfad37 ("Fix python; add read-only to editors/cli
browsers;re-add cache directory", 2020-12-29) / PR #3849.
Misc: This is a follow-up to #5626.
|
inkscape: additional hardening and settings saving via D-Bus
|
warzone2100: additional paths for Arch Linux
|
As suggested in review.
|
modif: Prevent sandbox name from containing only digits
|
Names should not contain only numbers,
as they are used in other commands as PIDs.
|
This is already blocked by the first entry:
blacklist-nolog ${HOME}/.*_history
Added on commit 1d56e466c ("three new blacklist in disable-common.inc",
2019-06-18).
|
group; added nvidia and X11 directories to @x11 group.
|
mutt.profile: add ~/.mutthistory & reduce amount of paths created
|
Let either the respective program or the user create the file.
* ~/.bogofilter: Used by the bogofilter program
* ~/.msmtprc: Used by the msmtp program
Added on commit a8a8e33bc ("Add whitelisting to mutt; improve geary, new
profile for neomutt", 2020-12-28) / PR #3849.
|
To reduce the amount of spam created in the user home directory.
It's unlikely that these paths are going to be both:
* Created only after mutt is first opened through firejail and
* Created from within mutt
Also, no other profile does that:
$ git grep -El '(mkdir|mkfile) \$\{HOME\}/\.(emacs|nano|vim)' -- etc
etc/profile-m-z/mutt.profile
So just whitelist them if they already exist.
Added on commit a8a8e33bc ("Add whitelisting to mutt; improve geary, new
profile for neomutt", 2020-12-28) / PR #3849.
|
From the manual of mutt 2.2.9:
> 3.125. history_file
>
> Type: path
> Default: "~/.mutthistory"
>
> The file in which Mutt will save its history.
|
build: auto-generate syntax files
|
To ensure a consistent order.
Misc: This might also make it a bit faster.
|
Make the syntax target by default to make it harder to forget to update
the syntax files.
Note that the syntax files are built mostly silently and that they are
generated relatively fast (they only take 40~70ms to build on a not
exactly recent machine with `make clean; time make -j 4 syntax`), so
they should not add much noise nor time noise when just trying to build
firejail, for example.
|
Changes:
* Generate firejail.vim from firejail.vim.in
* Generate firejail-profile.lang from firejail-profile.lang.in
* Update the manual syntax file steps on the new command checklist on
CONTRIBUTING.md to use `make syntax` instead
Relates to #2679 #5502 #5577 #5612.
|
Changes:
* Use the commands from contrib/vim/syntax/firejail.vim to create
makefile targets to generate syntax lists in contrib/syntax/lists
* Add contrib/syntax/files/example.in as an example of how to generate
syntax files
* Generate and add the syntax lists, to make it easier to spot if they
are properly updated when a new command is added or if their recipes
also need changes
* Add "syntax" and "contrib" makefile targets
Note: The generation commands are executed mostly silently to avoid
generating too much noise when also making other targets.
Note2: In some generation commands, a `$$` escape is used to pass `$` to
the shell, to avoid being interpreted by make as the start of a macro.
Note3: `@make_input@` is used in example.in to make it clear that the
file is generated (and that it is generated by make rather than
configure), similarly to how `@configure_input@` is used in configure
input files. See also apparmor.vim:
$ head -n 2 /usr/share/vim/vimfiles/syntax/apparmor.vim
" generated from apparmor.vim.in by create-apparmor.vim.py
" do not edit this file - edit apparmor.vim.in or create-apparmor.vim.py instead
Environment: apparmor 3.1.2-1 on Artix Linux.
Relates to #2679 #5502 #5577 #5612.
|
Having all of the syntax files in the same directory makes it easier to
reference all of them at once on a makefile (such as with
`contrib/syntax/files/*.in`).
Also, this makes the path to the gtksourceview language-spec shorter.
Current path/new path:
* contrib/gtksourceview-5/language-specs/firejail-profile.lang
* contrib/syntax/files/firejail-profile.lang
Currently, adding a rule to the root Makefile to generate the
language-spec in the same directory as an input file would take at least
95 characters (with only a single dependency):
contrib/gtksourceview-5/language-specs/%.lang: contrib/gtksourceview-5/language-specs/%.lang.in
With this commit, the above is shortened to 59 characters:
contrib/syntax/files/%.lang: contrib/syntax/files/%.lang.in
Which should make it more readable.
Relates to #2679 #5502.
|
The seccomp filters are used by firejail itself at runtime (and are
installed to `$(libdir)`), while the man pages are used by an external
program (and installing them is optional; see `HAVE_MAN`), so reorder
them.
Misc: The seccomp filter targets were apparently added on commit
64431c712 ("seccomp work 1", 2016-11-20).
|
And also add an "error: " prefix, to make the output clearer.
Before:
$ rm -f config.mk; make config.mk
printf 'run ./configure to generate %s\n' "config.mk" >&2
run ./configure to generate config.mk
false
make: *** No rule to make target 'config.mk'. Stop.
After:
$ rm -f config.mk; make config.mk
error: run ./configure to generate config.mk
make: *** No rule to make target 'config.mk'. Stop.
This amends commit e21637ca8 ("makefiles: add generated files as
dependencies", 2022-06-23) / PR #5219.
|
See commit 9bf5e453c ("ci: sort items on paths-ignore lists",
2022-07-12) / PR #5481.
|
atool: fix private-etc
|
netblue30/dependabot/github_actions/github/codeql-action-2.2.1
build(deps): bump github/codeql-action from 2.1.39 to 2.2.1
|
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.39 to 2.2.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/a34ca99b4610d924e04c68db79e503e1f79f9f02...3ebbd71c74ef574dbc558c82f70e52732c8b44fe)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
This check was broken by commit 34d004892 ("private-etc: corss-distro
test for curl, gimp, inkscape, firefox, warzone2100", 2023-01-28).
private-etc is currently being reworked and the files in question may no
longer be required.
Output of running the check:
$ ./ci/check/profiles/private-etc-always-required.sh etc/inc/*.inc etc/{profile-a-l,profile-m-z}/*.profile
etc/profile-a-l/curl.profile misses alternatives
etc/profile-a-l/curl.profile misses ld.so.cache
etc/profile-a-l/curl.profile misses ld.so.preload
etc/profile-a-l/firefox-common.profile misses alternatives
etc/profile-a-l/firefox-common.profile misses ld.so.cache
etc/profile-a-l/firefox-common.profile misses ld.so.preload
etc/profile-a-l/gimp.profile misses alternatives
etc/profile-a-l/gimp.profile misses ld.so.cache
etc/profile-a-l/gimp.profile misses ld.so.preload
etc/profile-a-l/inkscape.profile misses alternatives
etc/profile-a-l/inkscape.profile misses ld.so.cache
etc/profile-a-l/inkscape.profile misses ld.so.preload
etc/profile-m-z/warzone2100.profile misses alternatives
etc/profile-m-z/warzone2100.profile misses ld.so.cache
etc/profile-m-z/warzone2100.profile misses ld.so.preload
Relates to #4643 #5610.
|
Command used:
$ ./ci/check/profiles/sort.py etc/inc/*.inc etc/profile-*/*.profile
|
This is necessary if I want to launch a terminal editor from
qutebrowser.
|
Closes #5601
|